Questions based on the following scenario.

Questions

1. If General Hospital implemented a new online patient portal that allowed patients to request disclosure of their medical information online, what changes would need to be made to their release of information policy?

2. In the scenario in question 8 above, could General Hospital mandate all release of information requests be submitted through the online patient portal to help streamline the process internally and mitigate access and disclosure risks? Why or why not?

POLICY:

All information contained within a patient's medical record will be maintained in a confidential manner to protect the patient's right to confidentiality and comply with City, State and Federal Regulations including HIPAA.

PURPOSE:

This policy includes the procedures to follow when a patient requests to disclose their medical information to another physician, hospital, or medical facility, an attorney, an insurance company, to the patient or any other party as authorized by the patient.

Protected Health Information (PHI) may only be accessed/used or disclosed, as follows:

• to those directly involved in the treatment of the patient;
• to comply with public health regulations;
• for the payment of services provided to a patient;
• to researchers as authorized by the patient or an IRB approval;
• as required by law; or
• as authorized by the patient or other legally authorized individual/or entity.

Protected Health Information may be disclosed with a written authorization from the patient if all the following are met:

• The authorization is in writing, is dated, and is signed or otherwise authenticated(scanned or electronically signed). The exception is immunization records, which may be disclosed to a school with the verbal permission of the parent or the patient.
• The authorization specifies the information to be disclosed.
• The authorization specifies the entity or location to disclose the information.
• The authorization specifies the person or persons to receive the information.

PROCEDURES:

The following information must be reviewed, and documented that it was reviewed, before protected health information is disclosed:

• A patient or other designated/authorized individual requesting disclosure of the medical information has completed a Release of Information form. The Release of Information form must be completed or updated by the patient or other designated/authorized individual.
• The Release of Information should be reviewed to verify the signature (scanned or electronically signed) of the patient or legally authorized representative. Verbal or telephone authorization are not accepted.
• The date on the authorization must be no more than three-years-old or must not have expired.
• A healthcare provider can verbally disclose or fax medical information to a physician, hospital, or medical facility upon receipt of the required authorization or a statement in the record documenting that the patient is unable to authorize release of their information in an emergency.
• Medical information may be released and/or disclosed with another healthcare provider/healthcare organization without a signed authorization if the healthcare providers have a known patient in common or for continuity of care.